Vulnerabilities > Google > Chrome > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-25 | CVE-2019-5870 | Use After Free vulnerability in Google Chrome Use after free in media in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |
| 2019-11-25 | CVE-2019-5866 | Out-of-bounds Write vulnerability in Google Chrome Out of bounds memory access in JavaScript in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 9.8 |
| 2019-11-25 | CVE-2019-5850 | Use After Free vulnerability in Google Chrome Use after free in offline mode in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |
| 2019-11-20 | CVE-2016-9652 | Unspecified vulnerability in Google Chrome Multiple unspecified vulnerabilities in Google Chrome before 55.0.2883.75. | 9.8 |
| 2019-11-20 | CVE-2016-5194 | Unspecified vulnerability in Google Chrome Unspecified vulnerabilities in Google Chrome before 54.0.2840.59. | 9.8 |
| 2019-10-25 | CVE-2016-5202 | Incorrect Permission Assignment for Critical Resource vulnerability in Google Chrome browser/extensions/api/dial/dial_registry.cc in Google Chrome before 54.0.2840.98 on macOS, before 54.0.2840.99 on Windows, and before 54.0.2840.100 on Linux neglects to copy a device ID before an erase() call, which causes the erase operation to access data that that erase operation will destroy. | 9.1 |
| 2019-02-19 | CVE-2019-5759 | Use After Free vulnerability in multiple products Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |
| 2019-01-09 | CVE-2018-6127 | Use After Free vulnerability in multiple products Early free of object in use in IndexDB in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |
| 2019-01-09 | CVE-2018-16068 | Improper Input Validation vulnerability in multiple products Missing validation in Mojo in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |
| 2019-01-09 | CVE-2017-15402 | Improper Input Validation vulnerability in Google Chrome Using an ID that can be controlled by a compromised renderer which allows any frame to overwrite the page_state of any other frame in the same process in Navigation in Google Chrome on Chrome OS prior to 62.0.3202.74 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |